Lesson 10: Assess Endpoint Security Capabilities Flashcards
What are essential practices for endpoint hardening?
Essential practices include regular updates, secure password policies, least privilege principle, and disabling unnecessary features to reduce the attack surface.
What does the principle of least functionality emphasize in Operating Systems (OS) security?
Running only required services and protocols.
Using baselines for standardized secure configurations.
What strategies are used for workstation hardening?
Removing unnecessary software.
Segmenting workstations.
Securing peripheral devices (e.g., USB ports).
Enforcing logging, encryption, endpoint protection, and user education.
What are Endpoint Protection strategies?
Segmentation: Isolate systems to prevent malware spread.
Isolation: Limit device interactions to reduce lateral movement of threats.
Antivirus and Antimalware: Enhance malware detection and response.
Disk Encryption: Protect data at rest using tools like BitLocker or FileVault.
Patch Management: Use testing environments and enterprise suites like SCCM to apply patches consistently.
What are examples of advanced endpoint protection tools, and what do they do?
Endpoint Detection and Response (EDR): Real-time threat monitoring and analysis for endpoint devices.
Extended Detection and Response (XDR): Expands EDR to include network, cloud, and other components.
HIDS/HIPS: Monitor for unauthorized access and system anomalies.
User Behavior Analytics (UBA/UEBA): Detect insider threats or compromised accounts based on deviations from baseline behavior.
What are endpoint configuration mitigation techniques?
Mitigation approaches include addressing social engineering, fixing configuration drift, and applying ACLs for precise access control.
Enforce file system permissions, maintain application allow/block lists, and use continuous monitoring for compliance.
What tools enforce configuration adherence?
Tools like Group Policy (Windows) and SELinux (Linux/Android) ensure adherence to standardized security settings.
Firewalls benefit from automated enforcement to block unauthorized traffic.
What are techniques for physical and logical port hardening?
Physical Port Protection: Disable unused ports (USB, HDMI) and warn against attaching unknown devices.
Logical Port Hardening: Employ firewalls and service-specific protections.
What encryption practices safeguard data?
Full disk encryption (FDE), removable media encryption, and VPNs.
What are essential practices for mobile device hardening?
Encryption, screen locks, secure app configurations, limiting Bluetooth/NFC usage, and centralized device management.
What are the deployment models for mobile devices?
BYOD (Bring Your Own Device): Balances flexibility with security risks.
COPE/CYOD (Corporate-Owned Personally Enabled/Choose Your Own Device): Offers more control, while allowing limited personal use.
COBO (Corporate-Owned Business Only): Full enterprise control for business-only devices.
What does Mobile Device Management (MDM) accomplish?
Centralizes enforcement of security policies, device tracking, and app management.
Which platforms are popular for MDM?
Popular platforms include Microsoft Intune, VMware AirWatch, and IBM MaaS360.
How does full device encryption protect mobile devices?
It safeguards persistent storage and sensitive app data, ensuring comprehensive protection.
iOS and Android support encryption for persistent storage and sensitive app data.
Apply encryption to external media (e.g., SD cards) for comprehensive protection.
What are the connection methods regarding mobile devices?
Cellular/GPS Security
Wi-Fi and Tethering
Bluetooth
How can cellular/GPS data be protected?
By using VPNs, awareness training, and device encryption.
What are the risks associated with Bluetooth usage?
Bluejacking and bluesnarfing, which can be mitigated by securing pairing processes and updating firmware.
How can you mitigate Wi-Fi and Tethering risks?
Avoid open or rogue access points; disable ad hoc networks.
What is NFC and what is it used for?
Near-Field Communication (NFC)
Commonly used for contactless payments
What are NFC vulnerabilities, and how are they mitigated in mobile payments?
Vulnerabilities: Susceptible to eavesdropping and skimming attacks.
Mitigation: Mobile wallets like Apple Pay and Google Pay use tokenization and require endpoint safeguards.
How does tokenization in mobile payment services improve security?
It replaces sensitive data with unique tokens, preventing eavesdropping and skimming attacks.
